Hello fellow panthers,

The department of Information Security and the Student Business office would like to make all students aware of a cyber scam that is targeting students in an attempt to steal their financial information.

Here is how the scam works:

  1. The bad guys send the user an email pretending to be from the university’s “tech support” or “IT support” team. This email will contain a link, or multiple links, that will take users to a spoofed university account website.
  2. Once there, the user will be prompted to change their personal account information on the fake page. This allows the bad guys access to your confidential information, which is then used to divert tuition refunds and other financial transactions with the university to an unknown person(s) and location(s).

How to spot a phish email:

  1. Check the address from the “Sender”.  If it is not from an @chapman.edu address, then it is not from Chapman.
  2. Check the link source simply by hovering your cursor over the link (WITHOUT CLICKING) and checking the URL. This information should show from Chapman University or chapman.edu. If not, then it is likely malicious and needs to be reported immediately.
  3.  If the email looks weird or unfamiliar in formatting and there are a lot of grammatical and spelling errors, then it is a phish email and needs to be reported immediately.

Who do I report suspicious emails to?

If at anytime you receive an email that looks suspicious, do not click on any links inside the email. Instead, please forward the suspicious email to abuse@chapman.edu.  Our Information Security and Network Administrator teams will handle it from there.


If you have any questions or would like more information on how to spot phishing attempts, please contact our Information Security team at infosec@chapman.edu.